Use of Session Replay Technology Is Not 'Unlawful Eavesdropping': Dynatrace
Alyssa Gary and Marla Defoort’s first amended complaint against Dynatrace should be dismissed in its entirety with prejudice because they can't state a claim against Dynatrace, said the defendant's motion to dismiss Friday (docket 3:23-cv-11673) in U.S. District Court for…
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
Massachusetts in Springfield. The plaintiffs also lack Article III standing, and Defoort fails to plausibly allege facts to support a claim under a theory of liability under the California Invasion of Privacy Act, said Dynatrace. The plaintiffs allege that Dynatrace “wiretaps” electronic communications of “thousands” of website visitors, secretly observing and recording their “keystrokes, mouse clicks, data entry, and other electronic communications, in real time” (see 2307270025). Plaintiff Gary visited Ulta Beauty’s website last year to buy cosmetics, and her keystrokes, mouse clicks and other electronic communications “were intercepted in real time and disclosed” to Dynatrace, along with her IP address, geolocation and information about her device, it said. The “capturing, recording, and redirection” of her website interactions began when she accessed the Ulta site, “before any purported disclosures were made,” the complaint alleged. Defoort, too, was unaware her website interactions on Ulta Beauty were being disclosed to Dynatrace, the complaint said. When the plaintiffs voluntarily browsed Ulta Beauty’s website, their online activity “was purportedly captured by Dynatrace’s ‘session replay’ technology, which Ulta used on its website “to understand and improve its online consumer experience,” said the motion. The technology enables website owners to identify ways to improve website design “to be more consumer-friendly, resolve problems consumers may encounter, and protect against fraud,” the motion said. Plaintiffs’ unidentified activities on the website are the “online equivalent of browsing in a brick-and-mortar store” and “not protected private activity or communications that Dynatrace somehow eavesdropped,” it said. Courts have rejected similar claims on grounds that this type of online activity isn’t protected and not the type of conduct the “decades-old laws were intended to prohibit,” it said. Also, the use of session replay technology to improve a website “does not constitute unlawful eavesdropping,” it said. The Massachusetts court “should do the same here and dismiss this misdirected lawsuit,” it said.